Accounts Phase 1c: sign-in UI, magic-link landing, auth store

- Shared reactive auth store (auth.user) + postJSON helper (sends the cookie).
- SignIn modal: email -> "check your inbox" (calm, no password); Google slots in
  here in Phase 2.
- /auth/verify route exchanges the magic-link token for a session, then home.
- Header shows "Sign in" or an account avatar; the You sheet gains "Signed in as
  …" + Sign out (or a Sign in row). Anonymous browsing is unchanged.
This commit is contained in:
jay
2026-06-03 01:19:30 +00:00
parent d2ae56dc65
commit 9237180608
6 changed files with 310 additions and 2 deletions
+20
View File
@@ -3,3 +3,23 @@ export async function getJSON(url) {
if (!r.ok) throw new Error((await r.text().catch(() => '')) || r.statusText);
return r.json();
}
export async function postJSON(url, body) {
const r = await fetch(url, {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify(body ?? {}),
credentials: 'same-origin', // send/receive the session cookie
});
if (!r.ok) {
let msg = r.statusText;
try {
const j = await r.json();
if (j && j.detail) msg = j.detail;
} catch {
/* non-JSON error body */
}
throw new Error(msg);
}
return r.json();
}